Ok, readers. Some of you following, or simply users of @AccessDataGroup or @ADMobilTraining Mobile Phone Examiner Plus say,
“Hey, did the version go from 4.8 to 5.0?”
A resounding yes.
The easy explanation:
There are so many upgrades to 5.0 that users of 4.8 will not even recognize the look or the operation of the product. Seriously, the product has not only been re-skinned but injected with unbelievable features.
Yes @AccessDataGroup has added over 1300 new device profiles to include the legacy phones that no other tool currently represents, but added new Android devices and Blackberry profiles. This upgrade is keeping up with the joneses but coupled with the addition of physical support of Samsung Galaxy Series II devices that are locked AND have USB Debugging OFF, MPE+ is moving into a category of it’s own. Yes, USB Debugging OFF!
Honestly though, those features pale in comparison to the user interface update, visualization, SQLDatabase Viewer and FreeFile Parser. This is a FIRST in the mobile forensic community; the addition of all these unique features under one hood is unprecedented and unrivaled.
Lets break each of those features down with some iCandy and captions.
New User Interface
The look and feel of MPE+ 5.0 allows custom skins for the user. Whatever the preference of the user, they simply have to goto the settings menu and select from MPE Black to Blue to Windows 7. We also added the ability in the settings menu to customize the concurrent carvers. This allows our data carving to move much faster since we allow the examiner to tailor to their hardware.
Visualization
The visualization component is a feature that first came to FTK and now has been added to MPE+. There are some companies that talk about analytics, but when you “see” the data it makes an impact. If it makes an impact on you, what do you think it will do with the courtroom, litigation team and customer. This feature is a trail-maker, path-burner, zero-day event. The other vendors will be scrambling for a solution after this release.
With MPE+ 5.0 you can visualize both a timeline and/or social communication in MPE+. This allows you to immediately see, snap a picture and report on ONLY the data you are looking for based upon a date/time or date range you choose. Also, the social analyzer allows you to select the contacts you would like to see, visually, and what their communication patterns with the phone owner looks like for Email, SMS, MMS and Call Logs. This is all laid out in a pie, bar graph, grid and cluster chart. Here are a few adjectives to describe this feature: unrivaled, unparalleled, unbelievable and incredible! You can immediately see who is hot and who is not!
SQL Database Viewer
I hate to say it but iOS and Android devices are so active with applications there is no way a software company can keep up with the demand of forensic support of all of them! So, @AccessDataGroup has added the ability to visualize ALL SQLite databases and their tables from within MPE+. You can view the columns and rows uncovering usernames, passwords, geodata, dates, times and any other data held within the device’s treasure trove. Not only can this data be viewed but you can export directly to Microsoft Excel. Say MPE+ does not do what you want with the file? Simply right click and export the raw file to any place you want it! It’s that easy!
FreeFile Parser
This could go on and on with the new features, but lets end it with the FreeFile Parser and Filters. We know that deleted data can live within logical SQL database files in iOS and Android, but few tools allow you to actually get into those “pages”. Well, MPE+ 5.0 now allows to simply right-click on any SQL database and select to parse for deleted data. This immediately harvests all the data strings from the area allocated to store this deleted data and displays it to you in a nice grid format. Now add the next feature, filters, and you will understand why @AccessDataGroup skipped to 5.0.
Filters
You can filter ANY datatype column in MPE+ on a datatype that lives in a cell and even filter based on user set criteria Nested filtering is also supported. What this will allow is the ability to narrow the focus of your examination, select and export only the relevant data. So, looking through 25,000 SMS files for that one message is made easy.
If you are a current MPE+ user, I cannot wait to hear what you think. If you are a current FTK user without a copy of MPE+, why have you not added the software to your toolset? If you have other mobile phone solutions can you currently conduct this type of examination?
The release date for @AccessDataGroup MPE+ 5.0 is August 28th, 2012.
